blackmoon | 18d4daba1a680cb94ffe834f6a7125e0_JC[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

18d4daba1a680cb94ffe834f6a7125e0_JC.exe
Size

360KB
MD5

18d4daba1a680cb94ffe834f6a7125e0
SHA1

9fd82dd0c345386592c35902ca7b5191fc468fd2
SHA256

a2eeab21dcd6c2f8ff1e9dc41b606cad89bf1279ab4e4143e21a2ec3556a22a1
SHA512

484588ab6e1a03f2a78bf5047c3f4a6af5c72ee8056d8c6f05df87c3a22709e656a21905ff8167c52465b43776cac81870c800e571faabc69d16d160691ae716
SSDEEP

6144:nJ9TkVVB3HJWv6c5VJoBjxhapdbSoZYmc8:nJ9TU/5t2VJoBjxMd1Z08

Score

10^/10

blackmoon

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
18d4daba1a680cb94ffe834f6a7125e0_JC.exe

Files

18d4daba1a680cb94ffe834f6a7125e0_JC.exe
.exe windows:4 windows x86

c71515e635e66ddcf2fd3edc5f3a1fa1

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LCMapStringA
LoadLibraryA
GetProcAddress
FreeLibrary
GetCommandLineA
FindFirstFileA
RemoveDirectoryA
FindNextFileA
FindClose
GetTickCount
CreateFileA
WriteFile
GetStartupInfoA
CreateProcessA
WaitForSingleObject
GetModuleFileNameA
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
GetUserDefaultLCID
SetStdHandle
IsBadCodePtr
GetStringTypeW
GetStringTypeA
SetUnhandledExceptionFilter
IsBadWritePtr
VirtualAlloc
LCMapStringW
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentVariableA
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
MultiByteToWideChar
IsBadReadPtr
HeapReAlloc
ExitProcess
LocalSize
HeapAlloc
HeapFree
GetProcessHeap
GetModuleHandleA
CloseHandle
VirtualFreeEx
ReadProcessMemory
VirtualAllocEx
WideCharToMultiByte
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetACP
HeapSize
RaiseException
TerminateProcess
RtlUnwind
VirtualQueryEx
OpenProcess
Process32Next
Process32First
CreateToolhelp32Snapshot
RtlMoveMemory
GetCurrentProcessId
MoveFileA
CreateDirectoryA
OpenFile
SetWaitableTimer
CreateWaitableTimerA
MoveFileExA
DeleteFileA
CreateThread
GetOEMCP
GetCPInfo
CreateEventA
OpenEventA
FlushFileBuffers
SetFilePointer
SetErrorMode
GetProcessVersion
FindResourceA
LoadResource
LockResource
GetVersion
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
SetLastError
InterlockedIncrement
lstrcpyA
lstrcatA
WritePrivateProfileStringA
InterlockedDecrement
GlobalFlags
MulDiv
lstrcpynA
TlsGetValue
LocalReAlloc
TlsSetValue
EnterCriticalSection
GlobalReAlloc
LeaveCriticalSection
TlsFree
GlobalHandle
DeleteCriticalSection
TlsAlloc
InitializeCriticalSection
LocalFree
LocalAlloc
lstrlenA
GetTempPathA
GetSystemDirectoryA
GetWindowsDirectoryA
GetVersionExA
GetLastError
GetCurrentProcess
GetCurrentThreadId
GetCurrentThread
lstrcmpiA
lstrcmpA
GlobalDeleteAtom

user32

TrackMouseEvent
DestroyIcon
PostQuitMessage
SetWindowLongA
DestroyCursor
CreateWindowExA
SetCursor
GetDlgItem
IsWindow
GetClassNameA
DefMDIChildProcA
DefWindowProcA
DestroyWindow
GetClientRect
GetWindowLongA
LoadCursorA
PeekMessageA
wsprintfA
SetMenuDefaultItem
SetMenuItemBitmaps
SetMenuItemInfoA
CheckMenuItem
RemoveMenu
MenuItemFromPoint
GetMenuDefaultItem
GetMenuInfo
GetMenuState
GetMenuItemRect
GetMenuItemInfoA
GetMenuStringA
TrackPopupMenu
SetForegroundWindow
CheckMenuRadioItem
GetMenuItemID
GetSubMenu
SetMenuInfo
GetAsyncKeyState
GetMenuItemCount
AppendMenuA
DestroyMenu
LoadMenuA
GetSystemMenu
CreatePopupMenu
GetForegroundWindow
GetActiveWindow
GetLastActivePopup
SetWindowsHookExA
GetCursorPos
CallNextHookEx
GetKeyState
GetNextDlgTabItem
EnableMenuItem
ModifyMenuA
LoadBitmapA
GetMenuCheckMarkDimensions
RegisterClipboardFormatA
PtInRect
GetDlgCtrlID
GetWindow
ClientToScreen
UnhookWindowsHookEx
GetDC
ReleaseDC
TabbedTextOutA
DrawTextA
GrayStringA
SendDlgItemMessageA
GetWindowPlacement
SystemParametersInfoA
GetMessagePos
GetMessageTime
RegisterClassA
GetClassInfoA
WinHelpA
GetCapture
GetTopWindow
CopyRect
AdjustWindowRectEx
MapWindowPoints
LoadIconA
GetSysColorBrush
LoadStringA
UnregisterClassA
PostThreadMessageA
CreateDialogIndirectParamA
EndDialog
CreateMenu
KillTimer
SetTimer
RegisterClassExA
SetActiveWindow
CallWindowProcA
EndPaint
BeginPaint
SendMessageA
GetWindowThreadProcessId
MsgWaitForMultipleObjects
InsertMenuA
SetFocus
GetFocus
GetWindowRect
GetParent
ScreenToClient
InvalidateRect
ValidateRect
UpdateWindow
MoveWindow
SetWindowPos
PostMessageA
SetParent
IsWindowVisible
ShowWindow
IsWindowEnabled
EnableWindow
GetWindowTextLengthA
GetWindowTextA
SetWindowTextA
MessageBoxA
SetPropA
GetPropA
RemovePropA
SetWindowRgn
DispatchMessageA
TranslateMessage
IsDialogMessageA
TranslateAcceleratorA
GetMessageA
UnregisterHotKey
RegisterHotKey
RegisterWindowMessageA
DrawMenuBar
SetMenu
GetMenu
GetSystemMetrics
IsZoomed
IsIconic
GetSysColor
FillRect
SetClassLongA
GetClassLongA
SetRect

advapi32

RegOpenKeyA
RegDeleteKeyA
LookupAccountSidA
RegCreateKeyA
RegDeleteValueA
RegEnumKeyA
RegCloseKey
RegEnumValueA
RegQueryValueExA
RegFlushKey
RegSetValueExA
RegOpenKeyExA
RegCreateKeyExA

shell32

SHGetSpecialFolderPathA
DragQueryFileA
DragFinish
Shell_NotifyIconA
DragAcceptFiles

ole32

CoFreeUnusedLibraries
OleUninitialize
OleInitialize
OleRun
CoRegisterMessageFilter
CLSIDFromString
CLSIDFromProgID
CoRevokeClassObject
OleFlushClipboard
OleIsCurrentClipboard
CoCreateInstance

gdi32

GetObjectA
CreateCompatibleDC
CreateDIBSection
DeleteDC
SelectObject
BitBlt
ExtCreateRegion
CombineRgn
CreateRoundRectRgn
StretchBlt
CreateSolidBrush
CreatePatternBrush
CreateBitmap
GetStockObject
RestoreDC
SetBkColor
SetTextColor
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SaveDC
DeleteObject
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
GetDeviceCaps
GetClipBox
ScaleWindowExtEx
SetWindowExtEx

wininet

InternetCloseHandle
InternetConnectA
HttpOpenRequestA
HttpSendRequestA
InternetReadFile
HttpQueryInfoA
HttpAddRequestHeadersA
InternetOpenUrlA
InternetOpenA

shlwapi

PathFileExistsA

urlmon

URLDownloadToFileA

wtsapi32

WTSEnumerateProcessesA
WTSFreeMemory

atl

ord42

oledlg

ord8

oleaut32

LoadTypeLi
LHashValOfNameSys
RegisterTypeLi
SafeArrayCreate
SysAllocString
VariantClear
SafeArrayDestroy

winspool.drv

ClosePrinter
OpenPrinterA
DocumentPropertiesA

comctl32

ord17

Sections

.text
Size: 208KB - Virtual size: 205KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 124KB - Virtual size: 219KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

c71515e635e66ddcf2fd3edc5f3a1fa1

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

gdi32

wininet

shlwapi

urlmon

wtsapi32

atl

oledlg

oleaut32

winspool.drv

comctl32

Sections

.text Size: 208KB - Virtual size: 205KB

.rdata Size: 24KB - Virtual size: 22KB

.data Size: 124KB - Virtual size: 219KB

.text
Size: 208KB - Virtual size: 205KB

.rdata
Size: 24KB - Virtual size: 22KB

.data
Size: 124KB - Virtual size: 219KB